Risk/threat based analysis auditing in advanced management information systems.
This dissertation discusses the growth of auditing and internal control and evaluates the present degree of knowledge and the current and future roles of auditors in a computer-based environment. An analysis of the current state of computer-based auditing is presented along with current research in...
| Main Author: | |
|---|---|
| Language: | en |
| Published: |
University of Canterbury. Accounting and Information Systems
2010
|
| Online Access: | http://hdl.handle.net/10092/3761 |
| Summary: | This dissertation discusses the growth of auditing and internal control and
evaluates the present degree of knowledge and the current and future roles of
auditors in a computer-based environment. An analysis of the current state of
computer-based auditing is presented along with current research in audit and
security methodologies is presented and critiqued. The concept of System
Metrics is formulated and defined and a computer-audit analysis system called
the Risk Evaluation Model (REM) is created, described and utilized. The Risk
Evaluation Model is an interactive set of programs written in FORTRAN which
assesses Information Systems for a variety of attributes to judge the "quality" of a
system. Currently the system assesses:
1. Portability of the System;
2. Maintainability of the System;
3. Complexity of the System;
4. Known threats to the System and known Features neutralizing
those threats;
5. The General System Security Level; and
6. The Hardware Reliability of the System.
The model is currently implemented on the Prime 750 computer. |
|---|